module.exports = (req, res, next) => {
  // 允许所有源的请求，实际生产环境建议指定具体的源
  res.setHeader('Access-Control-Allow-Origin', '*'); 
  // 允许的请求方法
  res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE'); 
  // 允许的请求头
  res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization'); 
  next();
};